CVE-2024-0229

moderate-risk

Published 2024-02-09

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

Do I need to act?

0.32% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (16)

X Server

Xwayland

Fedora

Enterprise Linux

Enterprise Linux Aus

Enterprise Linux Eus

Enterprise Linux Tus

Enterprise Linux Update Services For Sap Solutions

Affected Vendors

Redhat X.Org Fedoraproject

References (37)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0320

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0557

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0558

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0597

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0607

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0614

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0617

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0621

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0626

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0629

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2169

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2170

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2995

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2025:12751

Third Party Advisory https://access.redhat.com/security/cve/CVE-2024-0229

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2256690

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0320

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0557

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0558

and 17 more references

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate